Adding a TPM to Intel Motherboards

One of the frustrating things about many desktop motherboards is that they don’t come with a built-in TPM module. I can understand why, as this is more useful for enterprise and mobile installations. Many do come with the necessary header, like the Intel DH87RL, but I haven’t been able to find a module to plug into it. Until now…

While browsing Amazon the other day, I happened to find an ASUS module with the same 20 (19+1) pin layout, and surprisingly enough it worked just fine.

  • So what does TPM do?

    • ceh4702 wrote:

      [quote=ceh4702]

      So what does TPM do?

      [/quote]

      You should Google it. It’s a nasty piece of hw that when combined with a nasty OS (Win 8+) creates an invisible (to tools like WireShark) backdoor. The German Gov’t has banned its use following the NSA revelations. Apple and Linux don’t support it.

      I’m surprised to find this on a Media Center related site and completely devoid of an explanation. What gives?

       

      • sogetthis wrote:

        [quote=sogetthis]

        It’s a nasty piece of hw that when combined with a nasty OS (Win 8+) creates an invisible (to tools like WireShark) backdoor. The German Gov’t has banned its use following the NSA revelations. Apple and Linux don’t support it.

        [/quote]

        I think you forgot to put a tinfoil hat emoticon at the end there. (You know that Wireshark is a network analysis tool and doesn’t deal w/ data at that level?)

        Also, some quick Googling indicates that it is indeed possible to use a TPM w/ Linux.

        [quote=sogetthis]

        I’m surprised to find this on a Media Center related site and completely devoid of an explanation. What gives?

        [/quote]

        Security is about creating inconvenience, so the right question to ask is whether and for whom a TPM shifts the balance of inconvenience. In general, there is no way I can enable BitLocker on a family PC without one. Without a technology like BitLocker, the data on my HDD is stored in the clear. If someone were to steal my PC, they would have access to all sorts of data which I’d rather them not have. If it is encrypted, the bar to which they must rise is significantly higher than, um, nothing.

        Is it possible that using a TPM makes it more convenient for some group with unlimited resources to decrypt my data? I suppose it is, but that group has the processor time and manpower to do it anyway, so I’m not sure why that is an important concern. Especially because the probability of me running afoul of one of these groups approaches zero.

        HTPC are PC. PC can have TPM. TPM make it easier to secure data on a PC. It’s possible that you may want to secure the data on your HTPC.

    • Trusted Platform Module (TPM)

      Trusted Platform Module (TPM) is a little bit of hardware that you can use to store and generate cryptographic keys. There’s a more detailed explanation on Wikipedia (that I linked above).

      The main reason I wanted to add on is because it makes BitLocker much easier to use. The key used to encrypt the contents of the PC is stored there instead of having to enter a password each time.
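As an added example (not part of the original post or thread), this is one way to confirm that Windows sees a newly installed module and then turn on BitLocker with the TPM holding the key, as described above. It assumes an elevated PowerShell session, a Windows edition that includes BitLocker, and that the OS volume is C:.

```powershell
# Added example, not from the original page.
# Assumption: run as Administrator; the OS volume is C:.
$mount = 'C:'

# 1. Confirm the firmware exposes the module and Windows can use it.
$tpm = Get-Tpm
if (-not $tpm.TpmPresent) {
    throw 'No TPM detected. Check that the module is seated on the header and enabled in firmware setup.'
}
if (-not $tpm.TpmReady) {
    throw 'TPM is present but not ready. Initialize it (tpm.msc or Initialize-Tpm) and run this again.'
}

# 2. Leave a volume alone if it is already encrypted or mid-conversion.
$vol = Get-BitLockerVolume -MountPoint $mount
if ($vol.VolumeStatus -ne 'FullyDecrypted') {
    $types = $vol.KeyProtector.KeyProtectorType -join ', '
    Write-Output "$mount is $($vol.VolumeStatus); existing protectors: $types"
    return
}

# 3. Seal the volume key to the TPM so no password is needed at boot.
#    -UsedSpaceOnly shortens the initial encryption pass.
Enable-BitLocker -MountPoint $mount -TpmProtector -UsedSpaceOnly | Out-Null

# 4. Add a recovery password as a second protector. Without it, a failed
#    module or a motherboard swap leaves the data unrecoverable.
Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null

# 5. Show what now protects the volume. Record the recovery password
#    somewhere that is not on this disk.
(Get-BitLockerVolume -MountPoint $mount).KeyProtector |
    Select-Object KeyProtectorType, KeyProtectorId, RecoveryPassword |
    Format-List
```

Windows may ask for a restart to run a hardware test before encryption begins; `Get-BitLockerVolume` shows the progress afterwards.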

  • I wonder what effect this would have on a system that gets infected with the latest malware/virus that encrypts your files and then holds you for ransom to get them unencrypted?

    • It shouldn’t have any. The best way to mitigate that sort of attack (besides the obvious stuff around good computing practices) is to keep historical point-in-time backups of all your critical data.